This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here.
Thursday, Motherboard published an investigation showing that police forces and federal agencies across the country have purchased relatively cheap tools to unlock up-to-date iPhones, bypassing their encryption. The news came as the FBI and Justice Department have reignited their efforts to find a more permanent solution to accessing encrypted devices, likely with the creation of a so-called backdoor.
Even though the FBI is at the forefront of highlighting the going dark debate, in which law enforcement officials say they are being cut-off from evidence of crimes due to encryption, the Bureau has refused to say whether or not it also bought the new iPhone cracking technology, called GrayKey, in a response to a Freedom of Information Act request from Motherboard.
“The FBI neither confirms nor denies the existence of records which would indicate whether an individual or organization is or has ever been of investigatory interest,” the response, received by Motherboard Thursday, reads. (Motherboard received a similarly worded response when requesting contracts between the FBI and Hacking Team, an Italian malware vendor which the FBI did purchase surveillance software from).
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.
A company called Grayshift sells the GrayKey. The device itself is a small, 4×4 inches box with two lightning cables for plugging in iPhones. According to cybersecurity firm Malwarebytes, the device can unlock iPhones in around two hours, or the process can take three days or longer if the passcode is 6 digits long. Forbes previously reported, based on GrayKey marketing material, that the tool can unlock even the iPhone X, Apple’s most recent phone, as well as devices running iOS 11, the latest Apple mobile operating system.
Motherboard’s investigation into the proliferation of GrayKey found that the Maryland State Police and Indiana State Police have procured the technology; local police forces have indicated they may have purchased the tool; other forces have received quotes from Grayshift; that the DEA is interested in sourcing GrayKey; the Secret Service plans to buy six of the boxes; and that the State Department has bought GrayKey.
Phone cracking technology is hardly controversial: as phones have become the digital centre of our lives, unlocking phones is a standard and established part of law enforcement. And the FBI has been open with its purchase of tools similar to GrayKey, at least judging by online procurement records. Motherboard previously found that the FBI spent $2 million on products from Cellebrite, a popular mobile forensics firm.
In March, The New York Times reported that officials from the FBI and Department of Justice were quietly meeting security researchers, looking for potential solutions that would grant authorities more reliable access to encrypted devices. Cryptographers and technologists typically refer to this approach as introducing a so-called backdoor.
GrayKey’s existence “means that adding backdoors isn’t so much a question of adding a secure door to the walls of a stone castle. It’s like adding extra holes in the walls of a sandcastle,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, previously told Motherboard.
When asked if the existence and affordability of GrayKey undermines the FBI’s argument for mandating encryption backdoors, a Bureau spokesperson previously told Motherboard in a statement “The FBI does not comment on specific tools or technologies; however, there is no one size fits all solution to Going Dark.”